I get the Resource Group deployment template from the portal (copy/paste) or from the CLI:
az group export --name {source_resource_group_name} --include-comments --include-parameter-default-value --output json
Later, I cannot create resources using this template neither from the portal, nor from the CLI:
az deployment group validate --resource-group {target_resource_group_name} --template-file {arm_file_path} --parameters ...
az deployment group create --name {deployment_name} --resource-group {target_resource_group_name} --template-file {arm_file_path} --parameters ...
I get this error:
{
"code": "Resource has invalid name",
"message": "Resource has invalid name Microsoft.Audio. Characters /, \, ?, #, [, ], , ., @, %, &, *, (, ), +, =, ;, :, ,, <, > are not allowed."
}
…because some resources related to the OpenAI or KeyVault have names like:
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2024-04-01-preview",
"name": "[concat(parameters('vaults_kv_my_random_keyvault_name'), '/my-random-secret')]",
"location": "swedencentral",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_kv_my_random_keyvault_name'))]"
],
"properties": {
"attributes": {
"enabled": true
}
}
}
All the resources (including the child ones) within the exported template are at root level (not nested).
Obviously the “/” in the name is needed for validation against the type. Replacing the “/” with the encoded/escaped value “%2F” or the expression uriComponent(‘/’) doesn’t help. Removing the “/” it says:
{
"code": "InvalidTemplate",
"message": "Deployment template validation failed: 'The template resource 'my-random-keyvault' for type 'Microsoft.CognitiveServices/accounts/defenderForAISettings' at line '1411' and column '74' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-syntax-resources for usage details."
}
The docs also very clearly state that the “/” is valid and indeed required:
- https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-invalid-name-segments?tabs=json
- https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/child-resource-name-type
So what do I need to do to resolve this?
4
It is possible that the exported templates fail the provision of redeploying it though the exported template is valid Json.
According to the given MS Doc, there are some limitations given here when it comes to exporting and redeploying the templates.
Export is not guaranteed to succeed. Check your exported template to make sure it includes the properties you need. If necessary, edit the exported template.
So, it means that you need to verify the template first before redeploying it and add the missing or necessary properties or changes to deploy it successfully.
Referring to az group export command, I have exported the existed key vault template in the below way as shown and was succeeded saving it to the output Json file exportedtemplate.json.
keyvaultID=$(az resource show --resource-group caronew --name carokeyv --resource-type Microsoft.keyvault/vaults --query id --output tsv)
az group export --resource-group caronew --resource-ids $keyvaultID > exportedtemplate.json
After exporting it to the console, I have tried to redeploy it to another resource group according to your requirement, but it failed with some error called “Parameter value not specified”.
Then I compared the sample key vault and secret ARM template from MSDoc with the generated exported template and made few changes to run it successfully. I was able to redeploy it to another resource group without any conflict.
az deployment group create --resource-group pyrgp --template-file exportedtemplate.json
2